PT-2023-22009 · Mastodon · Mastodon
Gregxsunday
·
Published
2023-04-04
·
Updated
2024-03-06
·
CVE-2023-28853
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mastodon versions 2.5.0 through 3.5.7
Mastodon 3.5.8 is not affected, but versions prior to 3.5.8 are. In the 4.0 branch, 4.0.3 and earlier (everything prior to 4.0.4) are affected; in the 4.1 branch, 4.1.1 and earlier (everything prior to 4.1.2) are affected.
Overall affected range: Mastodon versions 2.5.0 through 4.1.1
Description
The issue arises from an insecure LDAP query built during the login process: the login identifier supplied by the user is placed into the LDAP search filter without escaping, allowing an attacker to perform an LDAP injection attack. This can lead to the leakage of arbitrary attributes from the LDAP database.
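An added Ruby example (not Mastodon's own code) showing the root cause and the mitigation: a login identifier interpolated raw into an LDAP search filter can change the filter's structure, while escaping the value per RFC 4515 keeps the search a literal equality match. The filter template, attribute names and sample identifier are assumptions for illustration.

```ruby
# Characters with special meaning inside an LDAP filter value (RFC 4515)
# and the escaped form each must be replaced with.
LDAP_FILTER_ESCAPES = {
  "\\" => '\5c',
  '*'  => '\2a',
  '('  => '\28',
  ')'  => '\29',
  "\0" => '\00',
}.freeze

# Escape an untrusted value so the directory matches it literally.
def ldap_escape(value)
  value.gsub(/[\\*()\0]/) { |ch| LDAP_FILTER_ESCAPES[ch] }
end

# Unsafe: the raw identifier is interpolated into the filter template
# (the template shape here is an assumption, not Mastodon's actual one).
def unsafe_login_filter(uid_attr, mail_attr, identifier)
  "(|(#{uid_attr}=#{identifier})(#{mail_attr}=#{identifier}))"
end

# Hardened: the same template, but the identifier is escaped first.
def safe_login_filter(uid_attr, mail_attr, identifier)
  escaped = ldap_escape(identifier)
  "(|(#{uid_attr}=#{escaped})(#{mail_attr}=#{escaped}))"
end

# Structural check: the template contributes exactly three opening and
# three closing parentheses and no wildcard. Any deviation means the
# identifier altered the query rather than being matched as a value.
def filter_structure_ok?(filter, expected_parens: 3)
  filter.count('(') == expected_parens &&
    filter.count(')') == expected_parens &&
    !filter.include?('*')
end

# Constructed sample input containing filter metacharacters.
SAMPLE_IDENTIFIER = 'a*)(b=c'.freeze

if __FILE__ == $PROGRAM_NAME
  unsafe = unsafe_login_filter('uid', 'mail', SAMPLE_IDENTIFIER)
  safe   = safe_login_filter('uid', 'mail', SAMPLE_IDENTIFIER)
  puts "unsafe: #{unsafe}  structure ok? #{filter_structure_ok?(unsafe)}"
  puts "safe:   #{safe}  structure ok? #{filter_structure_ok?(safe)}"
end
```

With a benign identifier such as an e-mail address both builders produce the same filter, so the escaping changes nothing for normal logins.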
Recommendations
For Mastodon versions 2.5.0 through 3.5.7, update to version 3.5.8 or later.
For Mastodon versions 4.0.0 through 4.0.3, update to version 4.0.4 or later.
For Mastodon versions 4.1.0 through 4.1.1, update to version 4.1.2 or later.
Exploit
Fix
Special Elements Injection
Related Identifiers
Affected Products
Mastodon